====== BSY – Introduction to Security ======

The course aims to give a high-level overview of problems in the security of information systems. Participants will be introduced to:

  * Theoretical models of access rights
  * Security of operating systems
  * Sandboxing (compartmentalization)
  * Security of browsers and web applications
  * Pitfalls of network protocols
  * Denial of service attacks
  * Designing secure applications

After the course, you should be able to find information sources related to your security problems.

Classes are conducted in English.

==== Exam dates ====

  - Tuesday 23.01.2024 14:30 - 16:30
  - Thursday 25.01.2024 14:30 - 16:30
  - Thursday 01.02.2024 14:30 - 16:30
  - 08.02.2024 14:30 - 16:30 (only for people who did not pass previous exams)

Sign up for the exams via KOS.

Classes are held weekly on Thursdays, 14:30-17:45 in KN:E-107 according to the following plan:

==== Class Plan ====

^Date^Topic^Recording^Assignment^Additional Resources^
|28.9.2023|Class cancelled (Public holidays)||
|5.10.2023|[[https://docs.google.com/document/d/1FNaqVauNVFdlLQQnisA-Xc0kX1zTy5QEOU0vcK9xfPI/edit?usp=sharing| Introduction & Basic concepts of security]]|[[https://youtu.be/aqGLzQc2wPw?si=NNnvbAUIJ8nEVCxb|Class 1]]|[[courses:bsy:assignments:#Assignment 1: Hello class infrastructure|A1]]|[[courses:bsy:start:#Networking & Protocols|Networking & Protocols]] [[courses:bsy:start:#Linux tools|Basic Linux tools]]|
|12.10.2023|[[https://bit.ly/BSY2023-2|Finding computers, scanning and basic network analysis]] |[[https://youtu.be/yD82FIp_c2Y?si=8ytZL4xPgpbmS8BY|Class 2]]|[[courses:bsy:assignments#Assignment 2: Network scanning | A2]] [[courses:bsy:assignments#Assignment 3: Packet capturing | A3]]|
|19.10.2023|[[https://bit.ly/BSY2023-3|Attacking devices in the network, vulnerabilities, exploits]]|[[https://youtu.be/asXWfmBG8tw?si=0fNGENrYKfGp0f34|Class 3]]|[[courses:bsy:assignments#assignment_4exploits_vulnerabilities|A4]]|
|26.10.2023|[[https://bit.ly/BSY2023-4|🎃Detection of attacks, Hardening user Access, Host-based IDS]]|[[https://youtu.be/10_bVwDglbM?si=u1H0aug6A55z71Pl|Class 4]]|[[courses:bsy:assignments#Assignment 5: Securing Linux devices| A5]]|
|2.11.2023|[[https://bit.ly/BSY2023-5 |Virtualization, sandboxing, honeypots and threat intelligence]]|[[https://youtu.be/t2zc6oNEAAQ?si=sG59anO_CmIIiMPU|Class 5]]|[[courses:bsy:assignments#Assignment 6: Honeypots| A6]]|
|9.11.2023|[[https://docs.google.com/document/d/19Xu1PoYoGyhXKix5JkKg7NmD6Xyne_T0N5VwtPfkBW8/edit?usp=sharing|Privilege escalation, persistence, side-channel attacks]]|[[https://youtu.be/kB4ZtSQoJZ0?si=rQ8M3sRkO-oJ0oUz|Class 6]]|[[courses:bsy:assignments#Assignment 7: Persistance&Escalation| A7]]|
|16.11.2023|[[https://bit.ly/BSY2023-7 |Binary exploitation & Secure Coding]]|[[https://youtu.be/LDgx3RS9hUE?si=FSfyWLYYQToZM4uk|Class 7]]|-|
|23.11.2023|[[https://bit.ly/BSY2023-8|Binary reversing, static & dynamic code analysis]] (Moved to room T2:D3-209 in Dejvice) |[[https://youtu.be/_Lk0p1CG9ws?si=OiZnJhbJGwHzzSfd|Class 8]]|[[courses:bsy:assignments#Assignment 8: Reversing| A8]]|
|30.11.2023|[[https://docs.google.com/document/d/1GO6XRPxR7-s6hAO1jJNi4W2MbnMHWzFD0fLTNx-fsd4/edit?usp=sharing|Malware, C&C channels, DoS attacks]] |[[https://youtu.be/LuB5c9EuNWw?si=7kid6eWYViCS7N0e|Class 9]]|[[courses:bsy:assignments#Assignment 9: C&C Client| A9]]|
|7.12.2023| Class cancelled||
|14.12.2023| [[https://bit.ly/BSY2023-10 | Malware detection, packet analysis, Netflows, ML for cybersecurity]]|[[https://youtu.be/ivNHQg3xkMI?si=e11a4Nrc1VIFjfSP|Class 10]]|[[courses:bsy:assignments#Assignment 10: Malware Detection| A10]]|
|21.12.2023| [[https://bit.ly/BSY2023-11 |Web attacks, Browser Security, Cryptography]]|[[https://youtu.be/alY7nK60a6Q?si=y_wwh4UZFCelq4BC|Class 11]]|-|
|11.1.2024| [[https://bit.ly/BSY2023-12|Security of mobile devices]]|[[https://youtu.be/7rCw1tANIXA?si=QH2o8GDZxItd6YKq|Class 12]]|-|

Students can attend the classes in person or online via
[[https://www.youtube.com/watch?v=emSTWL2Cy04|Livestream]]. Although attendance of the classes is not mandatory, it is strongly encouraged and recommended for successfully solving the assignments. Recordings of the tutorials will be added to the class [[https://www.youtube.com/playlist?list=PLQL6z4JeTTQnGdmCYHZr0mows5IWI0TvM|playlist]].

A shared document is created for every class which contains the theoretical background and all commands used in the class. Students are welcome to suggest changes/improvements directly in the document.

Merged documents in a single file: {{ courses:bsy:bsy_2023_support_material_combined.pdf | BSY 2023 Support Material}}

==== Extra material ====

Over the course of the class, additional support material will be added here:

----

== Linux tools ==

[[https://gist.github.com/glnds/8862214|less]]
[[https://gist.github.com/glnds/11027696|vim]]
[[https://gist.github.com/glnds/15274c4897953b912d2a|tmux]]

----

== Networking & Protocols ==

[[https://csc-knu.github.io/sys-prog/books/Andrew%20S.%20Tanenbaum%20-%20Computer%20Networks.pdf|Computer Networks]]
[[https://www.youtube.com/playlist?list=PLIFyRwBY_4bRLmKfP1KnZA6rZbRHtxmXi|Networking Fundamentals]]
[[https://www.menandmice.com/blog/ipv6-reference-header-eui-64|IPv6 header]]
[[https://www.menandmice.com/blog/ipv6-reference-address-space|IPv6 addresses]]
[[https://www.menandmice.com/blog/ipv6-reference-multicast|IPv6 multicast]]
[[https://www.cloudflare.com/en-gb/learning/ssl/what-is-sni/|What is SNI?]]

----

== Penetration testing ==

[[https://www.emagined.com/blog/penetration-testing-methodologies | Pentest methodologies]]

----

== Network scanning & attacking ==

[[https://www.comparitech.com/net-admin/nmap-nessus-cheat-sheet/|Nmap cheatsheet]]
[[https://github.com/mcw0/PoC/tree/master|IoT security]]

----

== Packet capturing & analysis ==

[[https://opensource.com/article/18/10/introduction-tcpdump|Introduction to TCPDump]]
[[https://packetlife.net/media/library/12/tcpdump.pdf|TCPDump cheatsheet]]
[[https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html|Wireshark docs]]
[[https://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf|Wireshark filters]]

----

== Social Engineering ==

[[https://blog.acolyer.org/2016/03/15/a-taxonomy-of-attacks-and-a-survey-of-defence-mechanisms-for-semantic-social-engineering-attacks/|Attack taxonomy]]

----

==== Class Facilitators ====

^{{ :courses:bsy:sebas.jpg?nolink&200 |}}^{{ :courses:bsy:mariar.jpg?nolink&200 |}}^{{ :courses:bsy:ondrejl.jpg?nolink&200 |}} ^ {{ :courses:bsy:veronica-valeros.jpg?nolink&200 |}}^{{:courses:bsy:lukas-forst-1x1.jpeg?nolink&200|}}^{{:courses:bsy:martin-repa-1x1.jpeg?nolink&200|}}^
|**Ing. Sebastian Garcia, PhD**|**Ing. Maria Rigaki**|**Ing. Ondřej Lukáš**|**Ing. Veronica Valeros**|**Ing. Lukáš Forst**|** Ing. Martin Řepa**|
|Teacher| Teaching Assistant| Teaching Assistant| Teaching Assistant| Teaching Assistant| Teaching Assistant|

----

==== Communication channels ====

In case you need to contact the teachers, there are two options:

  - Send an email to **ALL** teachers via [[13136-bsy@fel.cvut.cz|13136-bsy@fel.cvut.cz]] (this way, any of them can answer), and always reply to all
  - Contact us via the [[https://matrix.bsy.stratosphereips.org/_matrix/static/|Matrix]] platform:
    * You can use [[https://app.element.io/#/login|Element]] as client
    * Don't forget to use the class home server: https://matrix.bsy.stratosphereips.org
    * Credentials for login will be sent at the beginning of the class

==== Requirements & Grading ====

For successful class completion, students must complete a series of [[courses:bsy:assignments | assignments]] (aka Zapocet) **and** the exam/bonus assignment.

  * You need **30 points** (out of 50) from the assignments to get the **Zápočet**.
  * Surplus over 40 points will improve your final grade **after** passing the exam/bonus assignment (up to 10 points).
  * The [[courses:bsy:assignments#Bonus assignment|Bonus assignment]] is a special assignment given over Christmas which allows you to skip the exam if completed.
  * Both the bonus assignment and the exam include theoretical **AND** practical tasks.
  * Extra points can be awarded for:
    * //Special Award for Services to the School// - If you do something notable and we like it, you can get points!
    * Participation in the [[courses:bsy:assignments#Side quest|Side quest]].

{{:courses:bsy:2023_bsy_security_class_diagrams_1_.jpg?nolink&900|}}

The final grade is computed using the standard CTU grading scale as follows:

Exam score + surplus from assignments + any additional points = **Total points**

^Grade^A^B^C^D^E^F^
|**Total points**|90+|81-89|70-79|60-69|50-59|<50|

----

=== Examples ===

>You get 50 points in the assignments. You can take 10 points to the exam. In the exam, you get 85 points. You end up with a total of 85 + 10 = 95 points, which is grade **A**.

>You get 41 points in the assignments. You can take 1 point to the exam. In the exam, you get 59 points. You end up with a total of 59 + 1 = 60, which is grade **D**.

>You get 35 points in the assignments. You get Zapocet and can take the exam but without any bonus points. The points you score in the exam define your grade.

==== FAQ ====

>**How do I pass the course?**
>>You must collect at least 30 points from the assignments to get an Assessment (Zapocet). After that, you need to get at least 50 points from the exam to pass the course.

>**I have scored above 40 points from the assignments, how does it benefit me?**
>> Anything above 40 points is added to your exam score after passing it. For example, if you reach 46 points from the semester and 75 from the exam, your final score is 75 + 6 = 81, which is equal to grade 'B'.

>**What are the due dates? Is there a penalty for submitting my work after the due date?**
>>Each assignment has a hard deadline. Submission is not possible after the deadline.

>**Can I re-submit an assignment?**
>>Yes, but in some cases, there are limits on the flag submission so we prevent brute-forcing.

>**Do I have to submit all assignments?**
>>No, you don't have to submit everything as long as the number of points exceeds 30.

>**Can I submit the bonus assignment and still take the exam?**
>>Yes, you can take the exam after submitting the bonus assignment. If you earn more points in the exam, your grade will be improved.

>**My container is not working. What do I do?**
>> Contact TAs via email or Matrix.

>**I have not received/lost credentials for my docker or Matrix account**
>> Contact TAs via email.